[Newsclips] IETF SYN-ACK Newspack 2022-05-23

David Goldstein <david@goldsteinreport.com> Mon, 23 May 2022 03:40 UTC


The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

International Digital Standards: A Case for the Involvement of Actors in the ARIN Service Region

The international community has already raised and recognized the importance of the involvement of small, developing countries in standard-setting processes. Yet the so-called standardization gap — the limited or non-participation of actors from developing countries — is still a reality, including in the ARIN service region. ... Digital standards are developed at the national, regional, and international level. The key SDOs that deal with digital standards include: the ISO, the IEC, the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), the Institute of Electrical and Electronics Engineers Standards Association (IEEE SA), the 3rd Generation Partnership Project (3GPP), the Internet Engineering Task Force (IETF), and the World Wide Web Consortium (W3C).

<https://www.arin.net/blog/2022/05/17/international-digital-standards-involvement-actors-arin-service-region/>

 

Making the metaverse: What it is, how it will be built, and why it matters by Nick Clegg

... Other internet technologies have longer and even more complicated histories than the GIF. Email, for example, has a history of more than fifty years of technical standards evolution. And the list goes on: sharing a video, creating a webpage, even texting someone, requires the development and adoption of a common technical language. Today, the internet is open and accessible to billions of people because of the work of standards-setting bodies like the IETF or the W3C, the innovations of luminaries like Vint Cerf and Bob Kahn who developed the TCP/IP protocol, government projects like ARPA, and the creations of companies like CompuServe.

<https://nickclegg.medium.com/making-the-metaverse-what-it-is-how-it-will-be-built-and-why-it-matters-3710f7570b04>

 

NSA involvement in encryption project raises suspicions

The National Security Agency is assisting with an effort to define a new encryption standard that's unbreakable by the quantum computers of the future, and the agency has promised it won't build secret vulnerabilities into the standard. ... However, a NIST spokesman said NSA's involvement in the project is "limited." The NSA provided feedback as a stakeholder on its "priorities and plans for post-quantum cryptography in national security systems" and on related efforts in standards development organizations, such as the Internet Engineering Task Force, he said.

<https://www.washingtonexaminer.com/policy/technology/nsa-involvement-in-encryption-project-raises-suspicions>

<https://www.msn.com/en-us/news/technology/nsa-involvement-in-encryption-project-raises-suspicions/ar-AAXuVc9>

 

DNS Over HTTPS: Facts You Should Know

A new protocol, DNS over HTTPS (DoH), is a sensation in modern times, designed for enterprise security products and policies. A combination of DNS protocol and HTTPS protocol, DoH affects businesses, organisations, and regular users. DNS over HTTPS is used to enhance the security of network communication. What is DNS over HTTPS (DoH)? In the late 1980s, the Internet Engineering Task Force (IETF) proposed the concept of DNS Over HTTPS because of the rise in malicious attacks on networks. Earlier, DNS queries between the web application and the servers of the DNS were done in plain text using the settings given by the network provider or ISP (Internet Service Provider).

<https://thecyphere.com/blog/dns-over-https/>

<https://securityboulevard.com/2022/05/dns-over-https-facts-you-should-know/>

 

LoRa Alliance adds IPv6 Over LoRaWAN

... The successful development of IPv6 Over LoRaWAN is credited to the active collaboration of LoRa Alliance members in the Internet Engineering Task Force (IETF) to specify the Static Context Header Compression (SCHC) and fragmentation techniques, which makes transport of the IP packets over LoRaWAN very efficient. The LoRa Alliance IPv6 over LoRaWAN Task Force then took the SCHC specification (RFC 90111) and integrated it into the body of the LoRaWAN standard.

<https://www.eenewseurope.com/en/lora-alliance-adds-ipv6-over-lorawan/>

<https://www.thefastmode.com/technology-solutions/24979-lora-alliance-launches-ipv6-over-lorawan>

 

Verbesserte Namensauflösung: IETF veröffentlicht RFC zum Internetprotokoll QUIC [Improved name resolution: IETF publishes RFC for the Internet protocol QUIC]

The Internet Engineering Task Force (IETF) has published RFC 9250 on DNS over QUIC (DoQ). It promises better name resolution at higher speed. For quite some time, encryption protocols for name resolution (DNS) have been the subject of controversial debate, among them DNS over TLS (DoT) and DNS over HTTPS (DoH). With the still fairly young QUIC protocol, the IETF now wants to use its positive inherent protocol properties for name resolution.

<https://www.heise.de/news/Verbesserte-Namensaufloesung-IETF-veroeffentlicht-RFC-zum-Internetprotokoll-QUIC-7097921.html>

 

Messenger-Esperanto: EU und IETF gegen babylonische Messenger-Verwirrung [Messenger Esperanto: EU and IETF against Babylonian Messenger Confusion]

In its competitive zeal, the industry tends to lose sight of the big picture, and the same is true of messenger development: because every vendor thinks only of its own interests, interoperability falls by the wayside. Now the EU will probably force the providers to deliver it.

<https://www.heise.de/select/ct/2022/12/2208416445027912933>

 

Sécurité numérique : « Les projets industriels devraient déjà intégrer la cryptographie quantique » [Digital security: "Industrial projects should already integrate quantum cryptography"] [subscription]

Risk management professor Charles Cuvelliez and cryptography expert Jean-Jacques Quisquater analyse, in an op-ed for Le Monde, what is at stake in Joe Biden's decision to ask the US administration to prepare a plan for migrating to quantum cryptography.

<https://www.lemonde.fr/idees/article/2022/05/22/securite-numerique-les-projets-industriels-devraient-deja-integrer-la-cryptographie-quantique_6127172_3232.html>

 

Internet, la cortina de hierro digital y el nuevo escenario de la disputa geopolítica global [The Internet, the Digital Iron Curtain and the New Scenario of the Global Geopolitical Dispute]

... Governments and the various actors in the digital ecosystem must sustain and promote the decentralised Internet and the global multistakeholder governance model, strengthening existing institutions such as the Internet Engineering Task Force (IETF) or the Internet Corporation for Assigned Names and Numbers (ICANN), and deepening participation and collaboration in the development of Internet protocols and standards, with the aim of warding off the threats of fragmentation.

<https://www.nuevarioja.com.ar/columnistas/773-internet-la-cortina-de-hierro-digital-y-el-nuevo-escenario-de-la-disputa-geopolitica-global>

 

VPN·SDP 결합으로 안전하고 현실적인 ZTNA 구현 [VPN· SDP Combination Enables Safe and Realistic ZTNA]

... IPSec (Internet Protocol Security) is a standard (RFC2401) designed by the Internet Engineering Task Force (IETF); in IPv4 it was used optionally, only where security was required, but from IPv6 onward it is included in the base specification.

<https://www.datanet.co.kr/news/articleView.html?idxno=172726>

 

基于IPv6物联网技术的智能营配终端助力国家电网能源互联网建设 [Intelligent distribution terminals based on IPv6 Internet of Things technology help the construction of the State Grid Energy Internet]

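... 3. Can the communication channels between the intelligent marketing and distribution terminal and the power distribution and consumption equipment be redundantly backed up? IPv6 technology was itself created to connect everything, and adapts flexibly to common wireless and wired IoT media. China Electric Power Research Institute Co., Ltd. (hereinafter "CEPRI") and Huawei Technologies Co., Ltd. (hereinafter "Huawei"), by adding IP-enabled HPLC/RF communication units on the side of traditional power distribution and consumption equipment, on top of the L2 HPLC and micro-power wireless link layers, adopt at L3 the IETF IPv6 short-range IoT network technology (i.e.

<https://news.bjx.com.cn/html/20220519/1226299.shtml>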

 

是挑战更是机遇:理性看待欧盟《Open RAN安全性报告》 [A Challenge is an Opportunity: A Rational Look at the EU's Open RAN Security Report]

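... The SFG comprises four work items: threat model and remediation analysis, security requirements specification, security protocol specification, and security test specification. The SFG also follows 3GPP's security specifications, sets additional security requirements for risk points, and references numerous existing international security standards from ISO, IETF, IEEE and others.

<https://finance.sina.com.cn/tech/2022-05-19/doc-imcwipik0777534.shtml?finpagefr=p_114>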

 

元宇宙还没来,但娱乐方式要变了 [The metaverse hasn't come yet, but the way of entertainment is about to change]

... On 26 January 2021, the W3C Web Real-Time Communications Working Group published WebRTC 1.0: Real-Time Communication Between Browsers as an official Recommendation. The document defines a set of JavaScript APIs that allow media content and generic application data to be exchanged between browsers or devices that implement the appropriate real-time protocols defined by the IETF.

<https://finance.sina.com.cn/tech/2022-05-18/doc-imcwipik0479069.shtml?finpagefr=p_114>

 

加快部署抗量子密码领域研究 [Accelerate the deployment of research in the field of anti-quantum cryptography]

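... On the industry side, the Internet Engineering Task Force (IETF) has published hash-based quantum-resistant cryptography standards; companies including Google, Microsoft, Toshiba, LG and CryptoNext have undertaken research and development of quantum-resistant cryptography technologies and products, run quantum-resistant cryptography trials in underwater data centres, subways and elsewhere, and launched related commercial services and upgraded products.

<https://news.sciencenet.cn/htmlnews/2022/5/479179.shtm>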

 

**********************

SECURITY & PRIVACY

**********************

Cybersecurity of 5G networks: EU publishes report on the security of Open RAN

EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published a report on the cybersecurity of Open Radio Access Networks (Open RAN). This new type of 5G network architecture will in the coming years provide an alternative way of deploying the radio access part of 5G networks based on open interfaces.

<https://digital-strategy.ec.europa.eu/en/news/cybersecurity-5g-networks-eu-publishes-report-security-open-ran>

 

Bypassing CDN WAFs with alternate domain routing

Content Distribution Networks (CDNs), such as CloudFront and CloudFlare, are used to improve the performance and security of public-facing websites. Features of CDNs can include IP firewalling, client and server authentication, and Web Application Firewall (WAF) filtering for protecting origin (backend web application) servers. These features present obstacles for an attacker when trying to exploit security vulnerabilities that may exist in the underlying application.

<https://blog.apnic.net/2022/05/19/bypassing-cdn-wafs-with-alternate-domain-routing/>

 

Why And How to Eliminate Security’s Biggest Blind Spot: Transport Layer Security (TLS) by Bassam Khan, VP of Product and Technical Marketing Engineering, Gigamon

Many who work in IT are still of the mindset that encrypted traffic means safe traffic. That’s a dangerous generalization. Encrypted traffic simply means it’s private, and private communications do not equate to safe communications.

<https://www.cyberdefensemagazine.com/why-and-how/>

 

Weak Security Controls and Practices Routinely Exploited for Initial Access

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.

<https://www.cisa.gov/uscert/ncas/alerts/aa22-137a>

 

**********************

INTERNET OF THINGS

**********************

us: Cybersecurity for IoT: The Road We’ve Traveled, The Road Ahead

The NIST Cybersecurity for IoT program published Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTIR 8228) in June 2019, nearly 3 years ago. Since then, IoT technology has continued to develop and be adopted across sectors and markets. NIST’s own work, both in and outside IoT, has also progressed since the publication of NISTIR 8228. These developments warrant a new look at the contents of NISTIR 8228 and at future IoT cybersecurity priorities at NIST.

<https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-iot-road-weve-traveled-road-ahead>

 

Standard challenges for IoT devices

Industry 4.0 adoption is pushing industry towards a more automated and sophisticated manufacturing process. As devices, systems and processes become increasingly digitalised and interconnected, the Internet of Things (IoT) opens a wealth of opportunities. However, they also present a cyberattack opportunity for criminals.

<https://www.controlengeurope.com/article/190891/Standard-challenges-for-IoT-devices.aspx>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

DNS über Quic spezifiziert [DNS over QUIC specified]

DNS over QUIC specified: The IETF has published the standard for DNS over QUIC (DoQ) as RFC 9250. DoQ is meant to offer privacy protection similar to DoT and latency as low as classic DNS over UDP. It is further stated that similar capabilities could also be achieved with DoH when using HTTP/3, but that DoQ is a better fit for scenarios such as zone transfers or queries from recursive to authoritative DNS servers.

<https://www.golem.de/news/ietf-julia-tesla-bitcoin-dns-ueber-quic-spezifiziert-2205-165428.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The Internet Origin Story You Know Is Wrong [registration]

The history of the internet is repeatedly reduced to the story of the singular Arpanet. But BBSs were just as important—if not more.

<https://www.wired.com/story/internet-origin-story-bbs/>

 

The path to resolverless DNS

There is an intriguing mention of ‘server push’ in the specification of DNS over HTTPS (DoH) (RFC 8484). The RFC is somewhat vague in the description of server push, apart from noting a caveat that: “… extra care must be taken to ensure that the pushed URI is one that the client would have directed the same query to if the client had initiated the request (in addition to the other security checks normally needed for server push).”

<https://www.potaroo.net/ispcol/2022-05/resolverless.html>

<https://blog.apnic.net/2022/05/17/the-path-to-resolverless-dns/>

 

Prof. Nii Narku Quaynor: The man who introduced the internet to West Africa

The history behind internet development and the emergence of internet service providers in Africa is a rarely told one.

<https://www.ghanaweb.com/GhanaHomePage/NewsArchive/Prof-Nii-Narku-Quaynor-The-man-who-introduced-the-internet-to-West-Africa-1543511>

 

Ushering in the Next Generation of Root Zone Management by Kim Davies

A little over 10 years ago, ICANN helped launch the Root Zone Management System (RZMS), a suite of interrelated components that modernized the management of the DNS root zone. Some of the improvements it brought included automating many phases of processing, which improved processing accuracy and reduced processing times. Another improvement was launching a self-service portal that allows managers of TLDs to perform common tasks by themselves.

<https://www.icann.org/en/blogs/details/ushering-in-the-next-generation-of-root-zone-management-19-05-2022-en>

 

Gert Döring Receives 2022 Rob Blokzijl Award

Today at RIPE 84 in Berlin, Gert Döring received the Rob Blokzijl Award for his long-standing contribution to the Address Policy Working Group and the RIPE community, and for his work to promote IPv6.

<https://www.ripe.net/publications/news/announcements/gert-doring-receives-2022-rob-blokzijl-award>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home